Computer Science (计算机科学) ›› 2025, Vol. 52 ›› Issue (11A): 241100060-8. doi: 10.11896/jsjkx.241100060
MAO Ruiqi (毛瑞琪) 1, CHEN Zhe (陈哲) 1,2
Abstract: Memory safety problems such as buffer overflows have long troubled C developers. Runtime detection is a reliable way to address memory safety in C, but it introduces high runtime overhead. Existing methods for reducing the overhead of runtime memory-safety detection are either incompatible with existing code, depend on manual annotation, introduce false negatives and false positives while reducing overhead, or cannot guarantee that a detection report is raised at the moment of the illegal memory access. To address this, a lightweight runtime detection method for stack memory regions, combined with static analysis, is proposed: part of the runtime metadata queries are replaced with compile-time metadata queries, most of the costly detection function calls are replaced with lightweight inline boolean condition checks, and an inter-procedural on-demand alias analysis extends the method to inter-procedural analysis and whole-program detection. Static analysis and instrumentation of the detection code are performed on the C abstract syntax tree, and a prototype tool, LISA (Lightweight Inline Safety Assertion), is implemented. Experimental results show that LISA reduces the time overhead of runtime detection by 36% on average while introducing only about 0.5% additional space overhead. In addition, LISA resolves the problems of existing methods: incompatibility with existing code, low effectiveness of runtime detection, and the inability to guarantee memory safety in real time.
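The abstract contrasts two ways of guarding a stack access: a call into a detection function that consults runtime metadata, and an inline boolean condition whose bound is known at compile time. The following C program is an added illustration of that contrast and is not LISA's code or its instrumentation output; the region table, the `runtime_check` function, the `INLINE_BOUNDS_OK` macro and the `stack_access_demo` function are all constructed here. The lookup counter makes visible that the inline form reaches the same verdict as the table-backed check while touching no runtime metadata at all.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: two styles of bounds check for a stack array.
 * Names and data structures are assumptions, not LISA's implementation. */

/* --- Style 1: generic runtime check backed by a metadata table --- */

typedef struct { uintptr_t base; size_t size; } region_t;

#define MAX_REGIONS 16
static region_t regions[MAX_REGIONS];
static size_t region_count;
static unsigned long metadata_lookups;  /* counts consultations of the table */

/* Record the bounds of a live stack object (done at function entry). */
static void register_region(const void *base, size_t size) {
    if (region_count < MAX_REGIONS) {
        regions[region_count].base = (uintptr_t)base;
        regions[region_count].size = size;
        region_count++;
    }
}

/* Drop the record when the object goes out of scope (function exit). */
static void unregister_region(const void *base) {
    for (size_t k = 0; k < region_count; k++) {
        if (regions[k].base == (uintptr_t)base) {
            regions[k] = regions[--region_count];
            return;
        }
    }
}

/* Heavy check: a function call plus a metadata search on every access.
 * Returns 1 when [addr, addr + access_size) lies inside a registered region. */
static int runtime_check(uintptr_t addr, size_t access_size) {
    metadata_lookups++;
    for (size_t k = 0; k < region_count; k++) {
        if (addr >= regions[k].base &&
            addr + access_size <= regions[k].base + regions[k].size)
            return 1;
    }
    return 0;
}

/* --- Style 2: inline boolean assertion with a compile-time bound --- */

/* When static analysis has resolved the access to a stack array of known
 * size, the check collapses to one comparison against a constant. */
#define INLINE_BOUNDS_OK(arr, idx) ((idx) < sizeof(arr) / sizeof((arr)[0]))

/* Guard the access buf[i] with both styles. Returns 1 if the access is in
 * bounds, 0 otherwise; lookups[0] and lookups[1] receive the number of
 * metadata lookups performed by the runtime and the inline check respectively. */
int stack_access_demo(size_t i, unsigned long lookups[2]) {
    int buf[8] = {0};
    register_region(buf, sizeof buf);

    /* Address computed arithmetically so an out-of-range i never forms a
     * pointer past the array. */
    uintptr_t target = (uintptr_t)buf + i * sizeof buf[0];

    unsigned long before = metadata_lookups;
    int ok_runtime = runtime_check(target, sizeof buf[0]);
    lookups[0] = metadata_lookups - before;

    before = metadata_lookups;
    int ok_inline = INLINE_BOUNDS_OK(buf, i);   /* no call, no table walk */
    lookups[1] = metadata_lookups - before;

    if (ok_inline)
        buf[i] = 1;   /* the store happens only when proven in bounds */

    unregister_region(buf);
    assert(ok_runtime == ok_inline);   /* same verdict, cheaper check */
    return ok_inline;
}

int main(void) {
    unsigned long lk[2];
    size_t idx[] = {3, 7, 8, 100};
    for (size_t n = 0; n < sizeof idx / sizeof idx[0]; n++) {
        int ok = stack_access_demo(idx[n], lk);
        printf("buf[%zu]: %s (runtime lookups=%lu, inline lookups=%lu)\n",
               idx[n], ok ? "in bounds" : "rejected", lk[0], lk[1]);
    }
    return 0;
}
```

The real transformation is a compiler pass over the AST, so the interesting part is what `INLINE_BOUNDS_OK` stands for: a condition emitted at the access site whose bound was resolved statically, so that the region table and the function call disappear from the hot path while the verdict at the offending access itself is unchanged.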